Combating the new age of Cyber-Criminals involved in Ransomware attacks

Picture the following scenario; you have just embarked on a well-deserved holiday to Austria with your significant other, and are about to check into the luxurious 4 star hotel- Romantik Seehotel Jägerwirt. Minutes after checking in, you learn that you are unable to enter your hotel room. The two of you would like to refresh yourselves before enjoying the beautiful lakeside setting along the Alpine Turracher Hohe Pass. It is winter and is therefore absolutely gorgeous! Regardless, you still cannot enter your room to freshen up and get changed. The hotel management informs you that the key card system isn’t working and that you have been locked out of your hotel room. What’s worse is that there’s nothing they can do about it!

With your frustrations building up and your holiday experience just being ruined, you later find out that the hotel’s modern IT system has been hacked by cyber-criminals and that they were holding it ransom. They had agreed to restore the hotel’s systems if just 1,500 EUR (1,272 GBP) in Bitcoin was paid to them.

What you may have realized by now, is that the scenario being described really did occur. It was all the more real for the furious managing director, Christoph Brandstaetter, who told the press “The hotel was totally booked with 180 guests, we had no other choice. Neither police nor insurance would help you in this case.” Hence, it was cheaper and faster for the hotel to just pay the Bitcoin as ransom.

Once the hackers got the money, they unlocked the key registry system and all other computers, enabling the hotel to function as normal again. The case costed the hotel lots of money and perhaps more importantly, it negatively impacted their brand’s reputation in the eyes of their loyal customers.

This is just one of many reported cases involving ransomware. A study performed by Symantec between April, 2015 and April, 2016, showcased that it was not only a serious threat to private institutions and national security. It was discerned that end consumers were the most affected victims, accounting to 57% of all attacks, in comparison to enterprises at only 43%.

The various percentages in terms of the nature of businesses that were attacked:

Services sector with 38% was by far the most affected

Manufacturing at 17%

Finance, insurance and real estate with 10% of infections

Public administration at 10%

Wholesale trade at 9%

Transportation, communications and utilities at 7%

Retail trade at 4%

Construction with 4%

Mining, agriculture, forestry and fishing with just 1% of infections

On an international scale, the US was the region most affected by ransomware during the period mentioned, with 28% of all global infections. Canada, Australia, India, Japan, Italy, the UK, Germany, the Netherlands, and Malaysia round out the top 10. The average ransom demand has more than doubled and is now $679, up from $294 at the end of 2015.

Cyber-criminals have introduced many new versions of ransomware, that are now being coded using different programming languages, such as JavaScript, PHP, PowerShell, and Python. These languages are specifically used as an effort to evade detection by the various security products in the market.

A series of more advanced types of ransomware have also begun to worsen the damage done, by going beyond the usual methods of locking devices or encrypting files.

Some of these include:

CryptXXX (Trojan.Cryptolocker.AN), which contains an enhanced feature that allows it to gather Bitcoin wallet data and send it to the attackers.

Cerber (Trojan.Cryptolocker.AH), which is reportedly capable of adding the infected computer to a botnet which can then be used to carry out distributed denial of service (DDoS) attacks.

Chimera (Trojan.Ransomcrypt.V), which makes an additional threat in its ransom message.

RaaS (Ransomware-as-a-Service), which allows a larger number of cyber-criminals to acquire their own ransomware, including those with relatively low levels of expertise.

Adoption of these new techniques demonstrate how ransomware is continuously evolving to be more threatening while remaining profitable.

Another growing phenomenon that has been witnessed with the increased number of ransomware cases, is the involvement of ‘rogue employees’ in enterprises.

Rogue employees tend to have access to sensitive information that belong to enterprises and could use ransomware as a threat to expose, destroy or manipulate this sensitive information.

These attacks could cost the organisation millions of dollars in terms of operations and even impact its reputation.

Some enterprises fail to understand how important the information that they hold in their systems really are, until they have faced a ransomware attack themselves.

These enterprises should enlist the help of experts in the field of information security services. They can help a business safeguard their information, by engaging the correct balance of experienced professionals and tools for a specific task.

Further, the trusted advice of such a service can be relied on, to help a business regain their operations in the event of a ransomware attack.

At Idealstor (founded in 2002 by Nezzen Systems out of Gaithersburg, Maryland), with the many years of experience in providing IT security services to our customers, we have built a pool of highly seasoned information security professionals.

While researching and gaining expertise on malware and ransomware related attacks for years, our professionals have developed the ‘Flashback Business Continuity and Disaster Recovery’ solution.

This solution not only notifies our customers of ransomware infections, but it also allows them to resume operations from a previous backup if attacked. It enables the customer’s operation to functional normally, within minutes, instead of having to deal with downtime and the accompanying loss of productivity.

We also have diversified into cloud based solutions such as Disaster Recovery as a Service (DRaaS).

We have the tools and expertise within the cloud, to keep your business data protected, be operational even during a disaster and to ensure that you have peace of mind with demonstrated recoverability.

More information relating to Idealstor’s DRaaS backup and recorvery products and services can be found at: http://www.idealstor.com/business-continuity-disaster-recovery-draas/